Remove ability to specify external addresses in GenerateToken endpoint

.changelog/14930.txt

@@ -0,0 +1 @@
+peering: remove ServerExternalAddresses parameter from token generation endpoint.

agent/peering_endpoint_test.go

@@ -96,39 +96,6 @@ func TestHTTP_Peering_GenerateToken(t *testing.T) {
 		// The PeerID in the token is randomly generated so we don't assert on its value.
 		require.NotEmpty(t, token.PeerID)
 	})
-
-	t.Run("Success with external address", func(t *testing.T) {
-		externalAddress := "32.1.2.3"
-		body := &pbpeering.GenerateTokenRequest{
-			PeerName:                "peering-a",
-			ServerExternalAddresses: []string{externalAddress},
-		}
-
-		bodyBytes, err := json.Marshal(body)
-		require.NoError(t, err)
-
-		req, err := http.NewRequest("POST", "/v1/peering/token", bytes.NewReader(bodyBytes))
-		require.NoError(t, err)
-		resp := httptest.NewRecorder()
-		a.srv.h.ServeHTTP(resp, req)
-		require.Equal(t, http.StatusOK, resp.Code, "expected 200, got %d: %v", resp.Code, resp.Body.String())
-
-		var r pbpeering.GenerateTokenResponse
-		require.NoError(t, json.NewDecoder(resp.Body).Decode(&r))
-
-		tokenJSON, err := base64.StdEncoding.DecodeString(r.PeeringToken)
-		require.NoError(t, err)
-
-		var token structs.PeeringToken
-		require.NoError(t, json.Unmarshal(tokenJSON, &token))
-
-		require.NotNil(t, token.CA)
-		require.Equal(t, []string{externalAddress}, token.ServerAddresses)
-		require.Equal(t, "server.dc1.peering.11111111-2222-3333-4444-555555555555.consul", token.ServerName)
-
-		// The PeerID in the token is randomly generated so we don't assert on its value.
-		require.NotEmpty(t, token.PeerID)
-	})
 }
 
 // Test for GenerateToken calls at various points in a peer's lifecycle

agent/rpc/peering/service.go

@@ -310,15 +310,9 @@ func (s *Server) GenerateToken(
 		break
 	}
 
-	// ServerExternalAddresses must be formatted as addr:port.
-	var serverAddrs []string
-	if len(req.ServerExternalAddresses) > 0 {
-		serverAddrs = req.ServerExternalAddresses
-	} else {
-		serverAddrs, err = s.Backend.GetLocalServerAddresses()
-		if err != nil {
-			return nil, err
-		}
+	serverAddrs, err := s.Backend.GetLocalServerAddresses()
+	if err != nil {
+		return nil, err
 	}
 
 	tok := structs.PeeringToken{

agent/rpc/peering/service_test.go

@@ -175,45 +175,6 @@ func TestPeeringService_GenerateToken(t *testing.T) {
 
 }
 
-func TestPeeringService_GenerateTokenExternalAddress(t *testing.T) {
-	dir := testutil.TempDir(t, "consul")
-
-	signer, _, _ := tlsutil.GeneratePrivateKey()
-	ca, _, _ := tlsutil.GenerateCA(tlsutil.CAOpts{Signer: signer})
-	cafile := path.Join(dir, "cacert.pem")
-	require.NoError(t, ioutil.WriteFile(cafile, []byte(ca), 0600))
-
-	// TODO(peering): see note on newTestServer, refactor to not use this
-	s := newTestServer(t, func(c *consul.Config) {
-		c.SerfLANConfig.MemberlistConfig.AdvertiseAddr = "127.0.0.1"
-		c.TLSConfig.GRPC.CAFile = cafile
-		c.DataDir = dir
-	})
-	client := pbpeering.NewPeeringServiceClient(s.ClientConn(t))
-	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
-	t.Cleanup(cancel)
-
-	externalAddress := "32.1.2.3:8502"
-	// happy path
-	req := pbpeering.GenerateTokenRequest{PeerName: "peerB", Meta: map[string]string{"foo": "bar"}, ServerExternalAddresses: []string{externalAddress}}
-	resp, err := client.GenerateToken(ctx, &req)
-	require.NoError(t, err)
-
-	tokenJSON, err := base64.StdEncoding.DecodeString(resp.PeeringToken)
-	require.NoError(t, err)
-
-	token := &structs.PeeringToken{}
-	require.NoError(t, json.Unmarshal(tokenJSON, token))
-	require.Equal(t, "server.dc1.peering.11111111-2222-3333-4444-555555555555.consul", token.ServerName)
-	require.Len(t, token.ServerAddresses, 1)
-	require.Equal(t, externalAddress, token.ServerAddresses[0])
-
-	// The roots utilized should be the ConnectCA roots and not the ones manually configured.
-	_, roots, err := s.Server.FSM().State().CARoots(nil)
-	require.NoError(t, err)
-	require.Equal(t, []string{roots.Active().RootCert}, token.CA)
-}
-
 func TestPeeringService_GenerateToken_ACLEnforcement(t *testing.T) {
 	// TODO(peering): see note on newTestServer, refactor to not use this
 	s := newTestServer(t, func(conf *consul.Config) {

api/go.mod

@@ -5,15 +5,10 @@ go 1.12
 replace github.com/hashicorp/consul/sdk => ../sdk
 
 require (
-	github.com/armon/go-metrics v0.3.10 // indirect
-	github.com/google/btree v1.0.0 // indirect
 	github.com/google/go-cmp v0.5.7
 	github.com/hashicorp/consul/sdk v0.11.0
 	github.com/hashicorp/go-cleanhttp v0.5.1
-	github.com/hashicorp/go-hclog v0.14.1
-	github.com/hashicorp/go-immutable-radix v1.3.0 // indirect
-	github.com/hashicorp/go-msgpack v0.5.5 // indirect
-	github.com/hashicorp/go-multierror v1.1.1 // indirect
+	github.com/hashicorp/go-hclog v0.12.0
 	github.com/hashicorp/go-rootcerts v1.0.2
 	github.com/hashicorp/go-sockaddr v1.0.2 // indirect
 	github.com/hashicorp/go-uuid v1.0.2